I've been running codeigniter on my production servers for quite some time without any issue. Spontaneously this afternoon I started receiving errors with people not being able to post to any of my forms.

After looking into it I noticed that my csrf_cookie was not being set. Has anyone ever encountered this issue? My config['csrf_protection'] is set to true and nothing else has changed.

What's confusing me even more is that my development box which is running the exact same code as production is setting my csrf token just fine. Weird one!

Codeigniter is simply one of the tools you need to learn to be a successful developer. Always add more tools to your coding arsenal!

Self hosted or w/ a hosting company? My host will make server changes and do updates that break my site every so often. I usually call them up and they fix it. Especially if you haven't made any changes and it just stopped working, I'd blame the host.

For anyone who runs into this issue in the future, here's what I went through.

I use Cloudflare as a DNS provider which routes my url to an elastic load balancer in amazon. The connection the user has to my cloudflare dns has HTTPS encryption, but somehow the connection from cloudflare to my elb to my servers lost their HTTPS. So while the user was still transmitting all data via HTTPS, the codeigniter app still saw the request as non https.

On line 267 of system/core/Security.php You'll see

PHP Code:

if ($secure_cookie && ! is_https()){return FALSE;}

Thus it was returning false and not setting my csrf cookie.

Problem solved though!

Thank you skunkbad for the input though, I wasn't even thinking of something 'outside' of the app since it's all hosted on amazon. +1 rep for you

Codeigniter is simply one of the tools you need to learn to be a successful developer. Always add more tools to your coding arsenal!